This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Cornucopia - Ecommerce Website - SM 4"
From OWASP
(Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#98c477;">Cornucopia - Ecommerce Website - SM 4</span>}} File:Cornucopia_-_Ecommerce_Website_SM_4....") |
|||
Line 40: | Line 40: | ||
</tr> | </tr> | ||
</table> | </table> | ||
− | |||
− | |||
− | |||
Latest revision as of 16:20, 21 January 2016
Suit: Session management
Card/Value: 4
Description:
Alison can set session identification cookies on another web application because the domain and path are not restricted sufficiently.
Technical Note:
There may be reasons to share sessions across multiple applications, but if one of those applications is less secure it might be used to compromise another.
References:
OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |
---|---|---|---|---|
59 | 3.12 | SE2 | 31 | 28 |
61 | 61 |